/**
 * \file x509.h
 *
 * X.509 certificate / CRL / RSA private-key parsing and certificate-chain
 * verification for PolarSSL. Everything below lives in the POLARSSL_X509_H
 * include guard; the public entry points are the x509parse_* and x509_*
 * prototypes at the end of the file.
 */
#ifndef POLARSSL_X509_H
#define POLARSSL_X509_H

/* rsa_context: embedded in x509_cert (public key) and filled by x509parse_key(). */
#include "polarssl/rsa.h"

/*
 * ASN.1 (DER) parsing error codes.
 *
 * Unlike the POLARSSL_ERR_X509_* codes below these are positive and spaced
 * two apart; presumably so the parser can OR one of them into a negative
 * X.509 code to report both the failing stage and the ASN.1 cause
 * (TODO confirm against x509parse.c). Because of that combination callers
 * should treat any nonzero return as failure rather than compare against
 * exact values.
 */
#define POLARSSL_ERR_ASN1_OUT_OF_DATA                      0x0014
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG                   0x0016
#define POLARSSL_ERR_ASN1_INVALID_LENGTH                   0x0018
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH                  0x001A
#define POLARSSL_ERR_ASN1_INVALID_DATA                     0x001C




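/*
 * X.509 error codes.
 *
 * All are negative and spaced 0x20 apart, leaving the low bits free
 * (presumably for OR-ing in one of the positive POLARSSL_ERR_ASN1_* codes
 * above -- TODO confirm in x509parse.c). Any nonzero return from an
 * x509parse_* function means the certificate, CRL or key must not be used.
 *
 * Replacement lists are parenthesized (CERT PRE02-C) so each macro expands
 * as a single operand wherever it is used; the numeric values are unchanged.
 */
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE              (-0x0020)
#define POLARSSL_ERR_X509_CERT_INVALID_PEM                 (-0x0040)
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT              (-0x0060)
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION             (-0x0080)
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL              (-0x00A0)
#define POLARSSL_ERR_X509_CERT_INVALID_ALG                 (-0x00C0)
#define POLARSSL_ERR_X509_CERT_INVALID_NAME                (-0x00E0)
#define POLARSSL_ERR_X509_CERT_INVALID_DATE                (-0x0100)
#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY              (-0x0120)
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE           (-0x0140)
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS          (-0x0160)
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION             (-0x0180)
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG             (-0x01A0)
#define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG              (-0x01C0)
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH                (-0x01E0)
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED               (-0x0200)
#define POLARSSL_ERR_X509_KEY_INVALID_PEM                  (-0x0220)
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION              (-0x0240)
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT               (-0x0260)
#define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV               (-0x0280)
#define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG              (-0x02A0)
#define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED            (-0x02C0)
#define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH            (-0x02E0)
#define POLARSSL_ERR_X509_POINT_ERROR                      (-0x0300)
#define POLARSSL_ERR_X509_VALUE_TO_LENGTH                  (-0x0320)



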
/*
 * Certificate / CRL verification result flags.
 *
 * Distinct bits so that several problems can be reported together;
 * presumably OR-ed into the *flags out-parameter of x509parse_verify()
 * declared below (TODO confirm in x509parse.c). Meanings are inferred from
 * the names. A caller must treat *any* set bit as a failed verification,
 * not only BADCERT_NOT_TRUSTED: an expired or revoked certificate, or one
 * whose name does not match the expected peer, is still an untrusted peer.
 */
#define BADCERT_EXPIRED                 1   /* validity period of the certificate has ended */
#define BADCERT_REVOKED                 2   /* serial appears in a supplied CRL */
#define BADCERT_CN_MISMATCH             4   /* subject CN differs from the expected name */
#define BADCERT_NOT_TRUSTED             8   /* chain does not lead to a supplied trusted CA */
#define BADCRL_NOT_TRUSTED             16   /* CRL not signed by a trusted CA */
#define BADCRL_EXPIRED                 32   /* CRL is past its next_update */




/*
 * DER/BER identifier-octet values (ITU-T X.690).
 *
 * ASN1_BOOLEAN .. ASN1_BMP_STRING are UNIVERSAL-class tag numbers.
 * ASN1_PRIMITIVE / ASN1_CONSTRUCTED is the form bit and ASN1_CONTEXT_SPECIFIC
 * the class bits of the same octet; they are OR-ed with a tag number, e.g.
 * ASN1_CONSTRUCTED | ASN1_SEQUENCE (0x30) for a SEQUENCE. The tag stored in
 * x509_buf.tag is presumably the whole octet, so compare it against the
 * combined value, not the bare tag number.
 */
#define ASN1_BOOLEAN                 0x01
#define ASN1_INTEGER                 0x02
#define ASN1_BIT_STRING              0x03
#define ASN1_OCTET_STRING            0x04
#define ASN1_NULL                    0x05
#define ASN1_OID                     0x06
#define ASN1_UTF8_STRING             0x0C
#define ASN1_SEQUENCE                0x10
#define ASN1_SET                     0x11
#define ASN1_PRINTABLE_STRING        0x13
#define ASN1_T61_STRING              0x14
#define ASN1_IA5_STRING              0x16
#define ASN1_UTC_TIME                0x17
#define ASN1_UNIVERSAL_STRING        0x1C
#define ASN1_BMP_STRING              0x1E
#define ASN1_PRIMITIVE               0x00   /* form bit clear */
#define ASN1_CONSTRUCTED             0x20   /* form bit: content is a sequence of elements */
#define ASN1_CONTEXT_SPECIFIC        0x80   /* class bits: [n] tagged field, e.g. TBS version */




/*
 * X.520 attribute types: each value is the last arc of the 2.5.4.x OID
 * (OID_X520 below; OID_CN = 2.5.4.3 matches X520_COMMON_NAME). PKCS9_EMAIL
 * is the last arc of 1.2.840.113549.1.9.1 (OID_PKCS9_EMAIL).
 */
#define X520_COMMON_NAME                3   /* CN  */
#define X520_COUNTRY                    6   /* C   */
#define X520_LOCALITY                   7   /* L   */
#define X520_STATE                      8   /* ST  */
#define X520_ORGANIZATION              10   /* O   */
#define X520_ORG_UNIT                  11   /* OU  */
#define PKCS9_EMAIL                     1   /* emailAddress */

/*
 * Selectors presumably used by the certificate-writing side (x509_node /
 * x509_raw below); no function declared in this header takes them.
 * PEM_LINE_LENGTH: base64 characters per line of PEM output.
 */
#define X509_OUTPUT_DER                 0x01
#define X509_OUTPUT_PEM                 0x02
#define PEM_LINE_LENGTH                 72
#define X509_ISSUER                     0x01
#define X509_SUBJECT                    0x02

/*
 * DER-encoded OID values and prefixes, as string literals:
 *
 *   OID_X520           2.5.4                  (X.520 attribute types)
 *   OID_CN             2.5.4.3                (commonName)
 *   OID_PKCS1          1.2.840.113549.1.1
 *   OID_PKCS1_RSA      1.2.840.113549.1.1.1   (rsaEncryption)
 *   OID_PKCS1_RSA_SHA  1.2.840.113549.1.1.5   (sha1WithRSAEncryption)
 *   OID_PKCS9          1.2.840.113549.1.9
 *   OID_PKCS9_EMAIL    1.2.840.113549.1.9.1   (emailAddress)
 *
 * As string literals they carry a trailing NUL that is not part of the
 * encoding: compare against an x509_buf using the encoded length (strlen of
 * the literal, or an explicit count), never sizeof, and match on length as
 * well as content so that a prefix such as OID_PKCS1 is not mistaken for
 * OID_PKCS1_RSA.
 *
 * NOTE(review): sha1WithRSAEncryption is the only signature algorithm named
 * in this header. SHA-1 is no longer considered collision resistant; which
 * algorithms the parser actually accepts must be checked in x509parse.c.
 */
#define OID_X520                "\x55\x04"
#define OID_CN                  "\x55\x04\x03"
#define OID_PKCS1               "\x2A\x86\x48\x86\xF7\x0D\x01\x01"
#define OID_PKCS1_RSA           "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01"
#define OID_PKCS1_RSA_SHA       "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05"
#define OID_PKCS9               "\x2A\x86\x48\x86\xF7\x0D\x01\x09"
#define OID_PKCS9_EMAIL         "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"




/**
 * \brief   Reference to one ASN.1 element inside parsed DER data.
 *
 * Non-owning view: p presumably points into the raw buffer held by the
 * enclosing x509_cert / x509_crl (their raw field), so it is valid only
 * while that object is. No terminator is implied -- always use len.
 *
 * NOTE(review): len is a signed int (as is buflen throughout the API).
 * Comparing it against a size_t promotes it to unsigned, so a negative
 * value would compare as huge; keep length arithmetic on this field in
 * int or check len >= 0 first. NOTE(review): struct tags beginning with an
 * underscore are reserved at file scope (C11 7.1.3); harmless in practice,
 * and renaming would be API-visible.
 */
typedef struct _x509_buf
{
    int tag;            /* identifier octet, presumably one of the ASN1_* values above */
    int len;            /* content length in bytes */
    unsigned char *p;   /* first content byte */
}
x509_buf;

/**
 * \brief   One attribute of a distinguished name, as a singly linked list.
 *
 * Each node holds the attribute type OID (compare against OID_CN and the
 * other OID_* values above) and its value; next links the following
 * attribute, NULL at the end. Used for x509_cert.issuer/subject and
 * x509_crl.issuer, and rendered as text by x509parse_dn_gets().
 */
typedef struct _x509_name
{
    x509_buf oid;               /* attribute type, DER-encoded OID */
    x509_buf val;               /* attribute value, still in its DER string type */
    struct _x509_name *next;    /* next attribute, or NULL */
}
x509_name;

/**
 * \brief   Broken-down date and time from a certificate or CRL.
 *
 * Presumably decoded from an ASN1_UTC_TIME element and therefore in UTC
 * (TODO confirm in x509parse.c; the year is stored unabbreviated here).
 * Nothing in this header guarantees the fields have been range-checked.
 * Checked against the current time by x509parse_time_expired().
 */
typedef struct _x509_time
{
    int year, mon, day;     /* calendar date */
    int hour, min, sec;     /* time of day */
}
x509_time;

/**
 * \brief   A parsed X.509 certificate, as a node of a singly linked chain.
 *
 * Filled by x509parse_crt() / x509parse_crtfile(); released with
 * x509_free(). The x509_buf fields are views into raw (see x509_buf), so
 * they are invalid once the certificate has been freed.
 *
 * NOTE(review): the signature algorithm appears twice in a certificate
 * (sig_oid1 inside the signed TBS, sig_oid2 outside it); a correct parser
 * must require them to be equal, otherwise the unsigned outer field could
 * be substituted. POLARSSL_ERR_X509_CERT_SIG_MISMATCH above suggests this
 * check exists -- confirm in x509parse.c.
 */
typedef struct _x509_cert
{
    x509_buf raw;               /* the whole DER certificate */
    x509_buf tbs;               /* the TBSCertificate, i.e. the signed part */

    int version;                /* X.509 version (POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION otherwise) */
    x509_buf serial;            /* serialNumber, matched against CRL entries */
    x509_buf sig_oid1;          /* signature algorithm as stated inside the TBS */

    x509_buf issuer_raw;        /* issuer Name, raw DER (used for chain building) */
    x509_buf subject_raw;       /* subject Name, raw DER */

    x509_name issuer;           /* issuer, parsed attribute list */
    x509_name subject;          /* subject, parsed attribute list */

    x509_time valid_from;       /* notBefore */
    x509_time valid_to;         /* notAfter; past this -> BADCERT_EXPIRED */

    x509_buf pk_oid;            /* public key algorithm; only OID_PKCS1_RSA is named in this header */
    rsa_context rsa;            /* the RSA public key */

    x509_buf issuer_id;         /* optional issuerUniqueID */
    x509_buf subject_id;        /* optional subjectUniqueID */
    x509_buf v3_ext;            /* raw v3 extensions */

    int ca_istrue;              /* basicConstraints cA flag, presumably; 0 = not a CA */
    int max_pathlen;            /* basicConstraints pathLenConstraint, presumably */

    x509_buf sig_oid2;          /* signature algorithm as stated outside the TBS */
    x509_buf sig;               /* the signature value over tbs */

    struct _x509_cert *next;    /* next certificate in the chain, or NULL */
}
x509_cert;

/**
 * \brief   One revoked certificate from a CRL, as a node of a linked list.
 *
 * The first entry is embedded in x509_crl (its entry field); further
 * entries hang off next. The x509_buf fields are views into the CRL's raw
 * data (see x509_buf).
 */
typedef struct _x509_crl_entry
{
    x509_buf raw;                   /* the whole DER entry */

    x509_buf serial;                /* serial of the revoked certificate (cf. x509_cert.serial) */

    x509_time revocation_date;      /* when it was revoked */

    x509_buf entry_ext;             /* raw per-entry extensions */

    struct _x509_crl_entry *next;   /* next entry, or NULL */
}
x509_crl_entry;

/**
 * \brief   A parsed certificate revocation list, as a node of a linked chain.
 *
 * Filled by x509parse_crl() / x509parse_crlfile(); released with
 * x509_crl_free(). Layout parallels x509_cert: raw and tbs hold the DER,
 * sig_oid1/sig_oid2 are the inner and outer statements of the signature
 * algorithm (they must agree, see x509_cert), and the x509_buf fields are
 * views into raw.
 */
typedef struct _x509_crl
{
    x509_buf raw;               /* the whole DER CRL */
    x509_buf tbs;               /* the TBSCertList, i.e. the signed part */

    int version;                /* CRL version */
    x509_buf sig_oid1;          /* signature algorithm inside the TBS */

    x509_buf issuer_raw;        /* issuer Name, raw DER */

    x509_name issuer;           /* issuer, parsed attribute list */

    x509_time this_update;      /* thisUpdate */
    x509_time next_update;      /* nextUpdate; past this -> BADCRL_EXPIRED, presumably */

    x509_crl_entry entry;       /* head of the revoked-certificate list (by value) */

    x509_buf crl_ext;           /* raw CRL extensions */

    x509_buf sig_oid2;          /* signature algorithm outside the TBS */
    x509_buf sig;               /* the signature value over tbs */

    struct _x509_crl *next;     /* next CRL in the chain, or NULL */
}
x509_crl;




/**
 * \brief   A growable output buffer with a write cursor.
 *
 * Presumably used by the certificate-writing side (x509_raw below, together
 * with X509_OUTPUT_DER / X509_OUTPUT_PEM): data is the start of the buffer,
 * p the current write position and end one past the last usable byte.
 * Note that len is a size_t here whereas x509_buf.len is an int; mind the
 * signed/unsigned conversion when moving lengths between the two.
 * No function declared in this header operates on this type, so ownership
 * of data cannot be determined here -- check the writer before freeing.
 */
typedef struct _x509_node
{
    unsigned char *data;    /* start of the buffer */
    unsigned char *p;       /* current write position */
    unsigned char *end;     /* end of the buffer (exclusive) */

    size_t len;             /* buffer length in bytes */
}
x509_node;

/**
 * \brief   Output buffers for the components of a certificate being written.
 *
 * One x509_node per TBSCertificate field (version .. subpubkey) plus the
 * outer signature algorithm and signature, with raw / tbs for the assembled
 * results. No function declared in this header takes an x509_raw; it is
 * presumably consumed by a separate certificate-writing module.
 */
typedef struct _x509_raw
{
    x509_node raw;          /* assembled DER certificate */
    x509_node tbs;          /* assembled TBSCertificate */

    x509_node version;      /* TBS fields, in encoding order */
    x509_node serial;
    x509_node tbs_signalg;
    x509_node issuer;
    x509_node validity;
    x509_node subject;
    x509_node subpubkey;

    x509_node signalg;      /* outer signature algorithm */
    x509_node sign;         /* signature value */
}
x509_raw;

#ifdef __cplusplus
extern "C" {
#endif

/**
 * \brief          Parse one or more certificates and add them to the chain.
 *
 * \param chain    head of the chain the certificates are appended to
 *                 (presumably a zero-initialised x509_cert for an empty
 *                 chain -- TODO confirm)
 * \param buf      buffer holding the certificate data (DER or PEM, going
 *                 by POLARSSL_ERR_X509_CERT_INVALID_PEM)
 * \param buflen   size of the buffer in bytes; signed, must be >= 0
 *
 * \return         0 if successful, otherwise a negative POLARSSL_ERR_X509_*
 *                 code. Treat the chain as unusable after a nonzero return.
 */
int x509parse_crt( x509_cert *chain, unsigned char *buf, int buflen );

/**
 * \brief          Load one or more certificates from a file and add them
 *                 to the chain.
 *
 * \param chain    head of the chain the certificates are appended to
 * \param path     filename to read
 *
 * \return         0 if successful, otherwise a negative error code
 */
int x509parse_crtfile( x509_cert *chain, char *path );

/**
 * \brief          Parse one or more CRLs and add them to the chain.
 *
 * \param chain    head of the CRL chain (presumably zero-initialised when
 *                 empty -- TODO confirm)
 * \param buf      buffer holding the CRL data
 * \param buflen   size of the buffer in bytes; signed, must be >= 0
 *
 * \return         0 if successful, otherwise a negative error code
 */
int x509parse_crl( x509_crl *chain, unsigned char *buf, int buflen );

/**
 * \brief          Load one or more CRLs from a file and add them to the chain.
 *
 * \param chain    head of the CRL chain
 * \param path     filename to read
 *
 * \return         0 if successful, otherwise a negative error code
 */
int x509parse_crlfile( x509_crl *chain, char *path );

/**
 * \brief          Parse an RSA private key.
 *
 * \param rsa      context to fill with the key
 * \param buf      buffer holding the key data (DER or PEM, going by
 *                 POLARSSL_ERR_X509_KEY_INVALID_PEM)
 * \param buflen   size of the buffer in bytes; signed, must be >= 0
 * \param pwd      password for an encrypted key; going by the
 *                 POLARSSL_ERR_X509_KEY_PASSWORD_* codes, an encrypted key
 *                 without one fails with KEY_PASSWORD_REQUIRED and a wrong
 *                 one with KEY_PASSWORD_MISMATCH
 * \param pwdlen   length of the password in bytes
 *
 * \return         0 if successful, otherwise a negative error code.
 *                 The caller owns the password buffer and should wipe it
 *                 with a non-elidable clear (e.g. explicit_bzero / memset_s)
 *                 once the key is loaded.
 */
int x509parse_key( rsa_context *rsa,
                   unsigned char *buf, int buflen,
                   unsigned char *pwd, int pwdlen );

/**
 * \brief          Load and parse an RSA private key from a file.
 *
 * \param rsa      context to fill with the key
 * \param path     filename to read
 * \param password password for an encrypted key (NUL-terminated)
 *
 * \return         0 if successful, otherwise a negative error code
 */
int x509parse_keyfile( rsa_context *rsa, char *path, char *password );

/**
 * \brief          Write a textual representation of a distinguished name.
 *
 * \param buf      destination buffer
 * \param size     size of the destination in bytes (output is bounded by it)
 * \param dn       name to render
 *
 * \return         presumably the number of characters written, or a
 *                 negative error code -- TODO confirm. The output is built
 *                 from attacker-supplied certificate bytes, so callers
 *                 should not pass it to anything that interprets format
 *                 or control characters.
 */
int x509parse_dn_gets( char *buf, size_t size, x509_name *dn );

/**
 * \brief          Write a human-readable summary of a certificate.
 *
 * \param buf      destination buffer
 * \param size     size of the destination in bytes
 * \param prefix   string placed at the start of each output line
 * \param crt      certificate to describe
 *
 * \return         presumably the number of characters written, or a
 *                 negative error code -- TODO confirm
 */
int x509parse_cert_info( char *buf, size_t size, char *prefix, x509_cert *crt );

/**
 * \brief          Write a human-readable summary of a CRL.
 *
 * \param buf      destination buffer
 * \param size     size of the destination in bytes
 * \param prefix   string placed at the start of each output line
 * \param crl      CRL to describe
 *
 * \return         presumably the number of characters written, or a
 *                 negative error code -- TODO confirm
 */
int x509parse_crl_info( char *buf, size_t size, char *prefix, x509_crl *crl );

/**
 * \brief          Compare a certificate/CRL time with the current time.
 *
 * \param time     time to check
 *
 * \return         presumably 0 if the time has not yet passed and nonzero
 *                 if it has -- TODO confirm. Depends on the system clock
 *                 being correct.
 */
int x509parse_time_expired( x509_time *time );

/**
 * \brief          Verify a certificate chain against trusted CAs and,
 *                 optionally, CRLs.
 *
 * \param crt      certificate chain to verify (peer certificate first)
 * \param trust_ca chain of trusted CA certificates
 * \param ca_crl   chain of CRLs for those CAs (presumably may be NULL --
 *                 TODO confirm)
 * \param cn       expected common name of the peer, or NULL to skip the
 *                 name check; an application that knows the peer's name
 *                 should always pass it (cf. BADCERT_CN_MISMATCH)
 * \param flags    out: OR of BADCERT_* / BADCRL_* bits describing why
 *                 verification failed
 *
 * \return         0 if the chain verified, otherwise
 *                 POLARSSL_ERR_X509_CERT_VERIFY_FAILED (with *flags set) or
 *                 another negative error code -- TODO confirm the exact
 *                 contract. A nonzero return and a nonzero *flags must each
 *                 be treated as failure; never rely on *flags alone, and
 *                 never log-and-continue on a mismatch.
 */
int x509parse_verify( x509_cert *crt,
                      x509_cert *trust_ca,
                      x509_crl *ca_crl,
                      char *cn, int *flags );

/**
 * \brief          Release everything a certificate chain allocated.
 *
 * \param crt      head of the chain. NOTE(review): confirm in x509parse.c
 *                 whether the head object itself is freed or only its
 *                 contents and the chained entries; a head that lives on
 *                 the stack or in another struct must not be freed here.
 */
void x509_free( x509_cert *crt );

/**
 * \brief          Release everything a CRL chain allocated.
 *
 * \param crl      head of the CRL chain (same ownership caveat as x509_free)
 */
void x509_crl_free( x509_crl *crl );

/**
 * \brief          Checkup routine for this module.
 *
 * \param verbose  nonzero to print progress
 *
 * \return         0 if successful, nonzero on failure
 */
int x509_self_test( int verbose );

#ifdef __cplusplus
}
#endif

#endif /* x509.h */